Find Answers

Using Patch Filters

The Automox patch policy gives you several filters that you can enable to control which patches are applied to your devices.

Exclusion Filter

Suppose you want to create a policy that applies all patches except .NET:

Create a patch policy and select "Patch All Except"

In the Policy Scope section, you can select the policies and patches that you'd like to exclude:

Enter search criteria in "Filter Package List"

You can further filter the packages returned by specifying a group in the "Filter by Group" dialog. When you select a group it will only display the packages found on endpoints in that group.

Select packages from the Package List located in the Policy Scope section.

If you select a specific package, the exclusion filter will look for that exact package.

If you want to exclude based on a pattern match, you can choose the Everything "<package name>" list item. In the example below we have excluded everything that has .NET in the package name by selecting the Everything .NET list item.

Inclusion Filters

Inclusion filters are created in a similar fashion as exclusion filters - just be sure to choose the "Patch Only" option at the top of the patch policy.

Severity Filters

If you'd like to create a policy that only applies patches of a certain severity level, you can use a severity filter. By clicking on the "By Severity" option at the top of the patch policy, you can select the different levels of patch severity that you'd like to have applied to the devices assigned to this policy. See the following image for details.